Menu

industry insight

How to Successfully Introduce Role Based Access Control into a Group Environment

May 31, 2017

A three-part series examining the intricacies of integrating Role Based Access Control into a group environment.

In this first part of our three-part series we will begin to describe the process of integrating Role Based Access Control (RBAC) into a group based environment. Our first installment will give a high-level overview of the necessary footwork to prepare the stakeholders by examining the need, evaluating the current access landscape, and preparing for the organization-wide change that comes with the territory.

Role based access control is a methodical approach to provisioning based upon roles and privileges in contrast to a rule-based or discretionary approach. Roles simplify access management for employees, contractors, and external users by incorporating the business policies and rules necessary to grant appropriate access.

These business drivers are often unique to each organization. They can be a mix of facilitating security, driving provisioning efficiencies such as reduction of employee downtime through better automation, and reducing the overhead associated with compliance controls like HIPPA, GLBA, SOX, and FISMA.

Lessons We’ve Learned Integrating RBAC

Be flexible – RBAC must support organization change

Anticipate political issues and plan ahead

With ownership comes responsibility

As with any effort, it is most important to understand why. What drives the effort? And as with any substantial capital investment, internal alignment is a critical component to the success of the integration. Don’t make the mistake of choosing a technology and beginning implementation without understanding how it affects your business strategy and your security environment.

Stay tuned for our next two installments on RBAC, which will offer high-level descriptions of the requirements needed for collaborative participation to gather information needed for design and implementation.

Learn more about how to get started with Role Based Access Controls, check out these resources:

By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us